Blockchain investigator ZachXBT says attackers likely exploited THORChain across Bitcoin, Ethereum, BNB Chain, and Base, resulting in losses of more than $10.7 million. He shared the warning after reviewing wallet activity that moved funds through the cross-chain liquidity protocol.
He has built a reputation for tracing large hacks and complex laundering paths on public blockchains. In many past cases, his findings have later matched confirmations from security firms and projects.
THORChain’s Role in Recent Laundering Routes
THORChain is a major path for cross-chain liquidity, enabling users to transfer assets between chains without a centralized exchange or KYC checks.
But this openness has also made it a favorite tool for scammers and hackers, enabling them to shift stolen assets between Bitcoin and Ethereum. For example, in 2025, a hacker behind a $300 million theft from Coinbase converted around $42.5 million in Bitcoin to Ether on THORChain and sent ZachXBT an on-chain message mocking him.
Security reports in 2026 also show exploiters from the Kelp DAO incident allegedly laundering around 80 million dollars in ether via THORChain. In another case, an IoTeX bridge hacker bridged stolen tokens into Bitcoin using THORChain after draining an estimated 8.8 to 9 million dollars.
These patterns show that attackers now route large thefts through the same protocol that ZachXBT says someone likely exploited again.
Ongoing Security Questions Around THORChain
THORChain has faced security issues before. In 2021, it suffered several multimillion-dollar exploits, including an ETH router hack and a separate Bifrost bug that together cost users over 10 million dollars. The protocol was later completed with at least two security audits following those “summer exploits,” and services were restored after patches and reviews.
More recently, a social engineering scam drained a personal wallet thought to belong to a THORChain co-founder for about 1.2 to 1.35 million dollars, though it didn’t impact the fundamental system.
After ZachXBT reported the latest incident, investigators and users are closely analyzing on-chain data to identify which pools and addresses the attacker targeted and how they moved the funds.
READ MORE: Ethereum Price Hits Decision Point as Triangle Apex Nears
